CVE-2022-49256 Information

Description

In the Linux kernel the following vulnerability has been resolved:

watch_queue: Actually free the watch

free_watch() does everything barring actually freeing the watch object. Fix this by adding the missing kfree.

kmemleak produces a report something like the following. Note that as an address can be seen in the first word the watch would appear to have gone through call_rcu().

BUG: memory leak unreferenced object 0xffff88810ce4a200 (size 96): comm \syz-executor352\ pid 3605 jiffies 4294947473 (age 13.720s) hex dump (first 32 bytes): e0 82 48 0d 81 88 ff ff 00 00 00 00 00 00 00 00 ..H…………. 80 a2 e4 0c 81 88 ff ff 00 00 00 00 00 00 00 00 ……………. backtrace: [] kmalloc include/linux/slab.h:581 [inline] [] kzalloc include/linux/slab.h:714 [inline] [] keyctl_watch_key+0xec/0x2e0 security/keys/keyctl.c:1800 [] __do_sys_keyctl+0x3c4/0x490 security/keys/keyctl.c:2016 [] do_syscall_x64 arch/x86/entry/common.c:50 [inline] [] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80 [] entry_SYSCALL_64_after_hwframe+0x44/0xae

Reference

https://git.kernel.org/stable/c/31824613a42aacdcbeb325bf07a1c8247a11ebe2 https://git.kernel.org/stable/c/3d8dcf278b1ee1eff1e90be848fa2237db4c07a7 https://git.kernel.org/stable/c/7e8c9b0df07a77f0d072603b8ced2677e30e1893 https://git.kernel.org/stable/c/9d92be1a09fbb3dd65600dbfe7eedb40e7228e4b https://git.kernel.org/stable/c/f69aecb49968e14196366bbe896eab0a904229f5